Vulnerability Bulletins

MSA-23-0039: XSS risk when previewing data in course upload tool


System information

Affected software: PHP

Description

by Michael Hawkins.

The course upload preview contained an XSS risk for users uploading unsafe data.

Severity/Risk: Minor
Versions affected: 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions
Versions fixed: 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24
Reported by: Paul Holden
Workaround: Verify the contents and trustworthiness of course data before uploading it.
CVE identifier: CVE-2023-5547
Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=451588&parent=1814896

Standard identifiers

Property    Value
CVE         CVE-2023-5547

Version history

Version    Comment    Date
Ministerio de Defensa
CNI
CCN
CCN-CERT